beautypg.com

Security mode and normal mode of voice vlans – H3C Technologies H3C S5560 Series Switches User Manual

Page 206

background image

172

Port link

type

Voice VLAN assignment

mode

Support for tagged

voice traffic

Configuration requirements

Hybrid

Automatic Yes

The PVID of the port cannot be the voice
VLAN.

Manual Yes

The PVID of the port cannot be the voice
VLAN. Configure the port to forward the
packets from the voice VLAN with VLAN

tags.

Table 14 Configuration requirements for access/trunk/hybrid ports to support untagged voice traffic

Port link

type

Voice VLAN

assignment mode

Support for untagged

voice traffic

Configuration requirements

Access

Automatic No

N/A

Manual

Yes

Configure the voice VLAN as the PVID of the port.

Trunk

Automatic No

N/A

Manual Yes

Configure the voice VLAN as the PVID of the port.
Configure the port to forward the packets from
the voice VLAN.

Hybrid

Automatic No

N/A

Manual Yes

Configure the voice VLAN as the PVID of the port.
Configure the port to forward the packets from
the voice VLAN without VLAN tags.

If an IP phone sends out tagged voice traffic, and its accessing port is configured with 802.1X

authentication, guest VLAN, Auth-Fail VLAN, or critical VLAN, the VLAN ID must be different for the

following VLANs:

Voice VLAN.

PVID of the accessing port.

802.1X guest, Auth-Fail, or critical VLAN.

If an IP phone sends out untagged voice traffic, the PVID of the accessing port must be the voice VLAN.

As a result, 802.1X authentication is not supported.

Security mode and normal mode of voice VLANs

Depending on the incoming packet filtering mechanisms, a voice VLAN-enabled port can operate in one

of the following modes:

Normal mode—The port receives voice-VLAN-tagged packets and forwards them in the voice
VLAN without examining their MAC addresses. If the PVID of the port is the voice VLAN and the

port operates in manual VLAN assignment mode, the port forwards all the received untagged

packets in the voice VLAN.
In this mode, voice VLANs are vulnerable to traffic attacks. Malicious users might send large
quantities of forged voice-VLAN-tagged or untagged packets to consume the voice VLAN

bandwidth to affect normal voice communication.

Security mode—The port uses the source MAC addresses of voice packets to match the OUI
addresses of the device. Packets that fail the match will be dropped.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: